From: Mathieu Baudier Date: Wed, 29 Jun 2022 07:50:12 +0000 (+0200) Subject: Lazy loading of attributes X-Git-Tag: v2.3.10~149 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=b9810eb23f4e2470952a04c07d15a523c3c61a0e;p=lgpl%2Fargeo-commons.git Lazy loading of attributes --- diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java index f6832ad35..0cf5b6839 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java @@ -26,7 +26,6 @@ import javax.security.auth.spi.LoginModule; import org.argeo.api.cms.CmsConstants; import org.argeo.api.cms.CmsLog; -import org.argeo.cms.internal.osgi.NodeUserAdmin; import org.argeo.cms.internal.runtime.CmsContextImpl; import org.argeo.cms.security.CryptoKeyring; import org.argeo.osgi.useradmin.AuthenticatingUser; @@ -237,6 +236,8 @@ public class UserAdminLoginModule implements LoginModule { throw new LoginException("Kerberos login " + authenticatingUser.getName() + " is inconsistent with user admin login " + authenticatedUser.getName()); } + if (log.isTraceEnabled()) + log.trace("Retrieve authorization for " + authenticatingUser + "... "); authorization = Subject.doAs(subject, new PrivilegedAction() { @Override diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/DirectoryUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/DirectoryUserAdmin.java index ac076167e..e6e3f983b 100644 --- a/org.argeo.util/src/org/argeo/osgi/useradmin/DirectoryUserAdmin.java +++ b/org.argeo.util/src/org/argeo/osgi/useradmin/DirectoryUserAdmin.java @@ -23,7 +23,6 @@ import javax.naming.directory.BasicAttributes; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; import javax.security.auth.Subject; -import javax.security.auth.kerberos.KerberosKey; import javax.security.auth.kerberos.KerberosTicket; import org.argeo.util.CurrentSubject; 
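Review bot: The added trace line concatenates the whole `authenticatingUser` object into the log message, while the exception just above it in the same hunk uses `authenticatingUser.getName()`. If AuthenticatingUser's toString() prints more than the name (the class is outside this diff, and its name suggests it holds the submitted credentials), trace logs on the login path could capture that material. Logging the name only keeps the output predictable: `log.trace("Retrieve authorization for " + authenticatingUser.getName() + "... ");`. The unbraced `if` would also read better with braces. The enclosing method starts and ends outside the hunk.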
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/LdifUser.java b/org.argeo.util/src/org/argeo/osgi/useradmin/LdifUser.java index 11de4ed56..a40de1c83 100644 --- a/org.argeo.util/src/org/argeo/osgi/useradmin/LdifUser.java +++ b/org.argeo.util/src/org/argeo/osgi/useradmin/LdifUser.java @@ -1,7 +1,5 @@ package org.argeo.osgi.useradmin; -import java.util.Dictionary; - import javax.naming.directory.Attributes; import javax.naming.ldap.LdapName; @@ -24,8 +22,4 @@ class LdifUser extends DefaultLdapEntry implements DirectoryUser { return USER; } - @Override - public Dictionary getCredentials() { - return credentials; - } } diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/OsUserDirectory.java b/org.argeo.util/src/org/argeo/osgi/useradmin/OsUserDirectory.java index c052fee1b..466563a4d 100644 --- a/org.argeo.util/src/org/argeo/osgi/useradmin/OsUserDirectory.java +++ b/org.argeo.util/src/org/argeo/osgi/useradmin/OsUserDirectory.java @@ -95,5 +95,13 @@ public class OsUserDirectory extends AbstractLdapDirectoryDao { } + @Override + public Attributes doGetAttributes(LdapName name) { + try { + return doGetEntry(name).getAttributes(); + } catch (NameNotFoundException e) { + throw new IllegalStateException(name + " doe not exist in " + getDirectory().getBaseDn(), e); + } + } } diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/DefaultLdapEntry.java b/org.argeo.util/src/org/argeo/util/directory/ldap/DefaultLdapEntry.java index 4212c5f55..8db662393 100644 --- a/org.argeo.util/src/org/argeo/util/directory/ldap/DefaultLdapEntry.java +++ b/org.argeo.util/src/org/argeo/util/directory/ldap/DefaultLdapEntry.java 
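Review bot: The new `doGetAttributes` in OsUserDirectory resolves attributes through `doGetEntry(name).getAttributes()`, and `DefaultLdapEntry.getAttributes()` in this same commit calls back into `doGetAttributes` whenever `publishedAttributes` is null, so if `doGetEntry` ever returns a DefaultLdapEntry created without attributes the two methods recurse until the stack overflows. `LdifDao.doGetAttributes` has the same shape. If these DAOs always build entries with non-null attributes, a comment saying so is enough, e.g. `// entries of this DAO are always created with attributes, so getAttributes() never calls back here`; otherwise a null guard is needed. The exception message also has a typo in both places: `" doe not exist in "` should be `" does not exist in "`.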
@@ -35,8 +35,8 @@ public class DefaultLdapEntry implements LdapEntry { private Attributes publishedAttributes; // Temporarily expose the fields - protected final AttributeDictionary properties; - protected final AttributeDictionary credentials; + protected AttributeDictionary properties; + protected AttributeDictionary credentials; protected DefaultLdapEntry(AbstractLdapDirectory directory, LdapName dn, Attributes attributes) { Objects.requireNonNull(directory); @@ -44,8 +44,8 @@ public class DefaultLdapEntry implements LdapEntry { this.directory = directory; this.dn = dn; this.publishedAttributes = attributes; - properties = new AttributeDictionary(false); - credentials = new AttributeDictionary(true); +// properties = new AttributeDictionary(false); +// credentials = new AttributeDictionary(true); } @Override @@ -54,6 +54,9 @@ public class DefaultLdapEntry implements LdapEntry { } public synchronized Attributes getAttributes() { + // lazy loading + if (publishedAttributes == null) + publishedAttributes = getDirectory().getDirectoryDao().doGetAttributes(dn); return isEditing() ? getModifiedAttributes() : publishedAttributes; } @@ -103,15 +106,23 @@ public class DefaultLdapEntry implements LdapEntry { public synchronized void publishAttributes(Attributes modifiedAttributes) { publishedAttributes = modifiedAttributes; } - + /* * PROPERTIES */ @Override public Dictionary getProperties() { + if (properties == null) + properties = new AttributeDictionary(false); return properties; } + public Dictionary getCredentials() { + if (credentials == null) + credentials = new AttributeDictionary(false); + return credentials; + } + /* * CREDENTIALS */ diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapConnection.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapConnection.java index f7838381d..748efe350 100644 --- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapConnection.java 
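Review bot: `getAttributes()` now makes a directory call while holding the entry's monitor, and the `doGetAttributes` implementations added in this commit throw IllegalStateException on failure, so a getter that could not fail before can now throw and can block the entry's other synchronized methods for the duration of the lookup. Neither the constructor nor this method documents that `attributes` may be null and is then loaded on first access. I would add Javadoc on both stating that contract and the unchecked exception, for example `@throws IllegalStateException if the attributes cannot be loaded from the directory`. The two commented-out initialisers in the constructor hunk above can be deleted rather than kept.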
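Review bot: The lazy initialiser in `getCredentials()` builds `new AttributeDictionary(false)`, whereas the constructor line this commit comments out used `new AttributeDictionary(true)` for `credentials`; with `false` it is constructed exactly like `properties`. AttributeDictionary is outside this diff, but the flag presumably selects the credential attributes, in which case credential lookups would now work on the wrong attribute set; the line should be `credentials = new AttributeDictionary(true);`. Both lazy getters are unsynchronized while `getAttributes()` is synchronized, so two threads can each create and return a different dictionary. The fields stay `protected` and can now be null, so any subclass that reads `properties` or `credentials` directly should go through the getters instead. `getCredentials()` also has no `@Override`, although the LdifUser method removed in this commit had one.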
+++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapConnection.java @@ -99,6 +99,20 @@ public class LdapConnection { } } + public synchronized boolean entryExists(LdapName name) throws NamingException { + String[] noAttrOID = new String[] { "1.1" }; + try { + getLdapContext().getAttributes(name, noAttrOID); + return true; + } catch (CommunicationException e) { + reconnect(); + getLdapContext().getAttributes(name, noAttrOID); + return true; + } catch (NameNotFoundException e) { + return false; + } + } + public synchronized void prepareChanges(WorkingCopy wc) throws NamingException { // make sure connection will work reconnect(); @@ -121,13 +135,13 @@ public class LdapConnection { } - protected boolean entryExists(LdapName dn) throws NamingException { - try { - return getAttributes(dn).size() != 0; - } catch (NameNotFoundException e) { - return false; - } - } +// protected boolean entryExists(LdapName dn) throws NamingException { +// try { +// return getAttributes(dn).size() != 0; +// } catch (NameNotFoundException e) { +// return false; +// } +// } public synchronized void commitChanges(LdapEntryWorkingCopy wc) throws NamingException { // delete diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java index c33b50f65..e15c005be 100644 --- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java +++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java 
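Review bot: In the new `entryExists`, the retry inside `catch (CommunicationException e)` is not covered by the sibling `catch (NameNotFoundException e)`, so after a reconnect a missing entry makes the method throw NameNotFoundException instead of returning false. LdapDao.entryExists in this commit happens to catch that exception, but the method is now public and other callers would get two different outcomes for the same directory state. Nesting the retry inside the outer try keeps the result consistent. The `"1.1"` literal would also be clearer as a named constant with a comment that it requests no attributes.
```java
public synchronized boolean entryExists(LdapName name) throws NamingException {
	String[] noAttrOID = new String[] { "1.1" };
	try {
		try {
			getLdapContext().getAttributes(name, noAttrOID);
		} catch (CommunicationException e) {
			// stale connection: reconnect once and retry inside the outer try
			reconnect();
			getLdapContext().getAttributes(name, noAttrOID);
		}
		return true;
	} catch (NameNotFoundException e) {
		return false;
	}
}
```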
@@ -68,29 +68,34 @@ public class LdapDao extends AbstractLdapDirectoryDao { @Override public Boolean entryExists(LdapName dn) { try { - return doGetEntry(dn) != null; + return ldapConnection.entryExists(dn); } catch (NameNotFoundException e) { return false; + } catch (NamingException e) { + throw new IllegalStateException("Cannot check " + dn, e); } } @Override public LdapEntry doGetEntry(LdapName name) throws NameNotFoundException { - try { - Attributes attrs = ldapConnection.getAttributes(name); - if (attrs.size() == 0) - return null; + if (!entryExists(name)) + throw new NameNotFoundException(name + " was not found in " + getDirectory().getBaseDn()); +// try { +// Attributes attrs = ldapConnection.getAttributes(name); +// if (attrs.size() == 0) +// return null; + // int roleType = roleType(name); LdapEntry res; Rdn technicalRdn = LdapNameUtils.getParentRdn(name); if (getDirectory().getGroupBaseRdn().equals(technicalRdn)) - res = newGroup(name, attrs); + res = newGroup(name, null); else if (getDirectory().getSystemRoleBaseRdn().equals(technicalRdn)) - res = newGroup(name, attrs); + res = newGroup(name, null); else if (getDirectory().getUserBaseRdn().equals(technicalRdn)) - res = newUser(name, attrs); + res = newUser(name, null); else - res = new DefaultLdapEntry(getDirectory(), name, attrs); + res = new DefaultLdapEntry(getDirectory(), name, null); // if (isGroup(name)) // res = newGroup(name, attrs); // else @@ -98,11 +103,9 @@ public class LdapDao extends AbstractLdapDirectoryDao { // else // throw new IllegalArgumentException("Unsupported LDAP type for " + name); return res; - } catch (NameNotFoundException e) { - throw e; - } catch (NamingException e) { - return null; - } +// } catch (NameNotFoundException e) { +// throw e; +// } } // protected boolean isGroup(LdapName dn) { 
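Review bot: `doGetEntry` now passes `null` as the attributes to `newGroup`, `newUser` and the `DefaultLdapEntry` constructor, so anything in those factories or in subclasses that reads the attributes argument directly instead of calling `getAttributes()` will fail with a NullPointerException; their bodies are outside this diff and need checking. Existence and attributes are now fetched in separate round trips, so an entry removed in between is reported later as IllegalStateException from `getAttributes()` rather than as NameNotFoundException here, and `entryExists` now turns other NamingExceptions into IllegalStateException where the old code returned null. Callers on the authentication path should be checked for how they handle that unchecked exception. The commented-out `try`/`catch` lines should be deleted and the body re-indented.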
@@ -117,6 +120,16 @@ public class LdapDao extends AbstractLdapDirectoryDao { // "Cannot find role type, " + technicalRdn + " is not a technical RDN for " + dn); // } + @Override + public Attributes doGetAttributes(LdapName name) { + try { + Attributes attrs = ldapConnection.getAttributes(name); + return attrs; + } catch (NamingException e) { + throw new IllegalStateException("Cannot get attributes for " + name); + } + } + @Override public List doGetEntries(LdapName searchBase, String f, boolean deep) { ArrayList res = new ArrayList<>(); diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDirectoryDao.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDirectoryDao.java index 273993276..81a86fd05 100644 --- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDirectoryDao.java +++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDirectoryDao.java @@ -14,6 +14,8 @@ public interface LdapDirectoryDao extends WorkingCopyProcessor doGetEntries(LdapName searchBase, String filter, boolean deep); List getDirectGroups(LdapName dn); diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdifDao.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdifDao.java index 740a47624..7387d9e0f 100644 --- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdifDao.java +++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdifDao.java @@ -12,9 +12,7 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Collections; -import java.util.Dictionary; import java.util.HashSet; -import java.util.Hashtable; import java.util.List; import java.util.NavigableMap; import java.util.Objects; @@ -28,7 +26,6 @@ import javax.naming.NamingException; import javax.naming.directory.Attributes; import javax.naming.ldap.LdapName; -import org.argeo.util.directory.DirectoryConf; import org.argeo.util.directory.HierarchyUnit; import org.argeo.util.naming.LdapObjs; import org.osgi.framework.Filter; 
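Review bot: The `catch (NamingException e)` in the new `doGetAttributes` throws `new IllegalStateException("Cannot get attributes for " + name)` without the cause, so the underlying directory error is lost to whoever has to diagnose a failed lookup; `entryExists` in the same file does pass `e`. Use `throw new IllegalStateException("Cannot get attributes for " + name, e);`. The local `attrs` can be returned directly.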
@@ -86,12 +83,12 @@ public class LdifDao extends AbstractLdapDirectoryDao { // return scopedUserAdmin; // } - private static Dictionary fromUri(String uri, String baseDn) { - Hashtable res = new Hashtable(); - res.put(DirectoryConf.uri.name(), uri); - res.put(DirectoryConf.baseDn.name(), baseDn); - return res; - } +// private static Dictionary fromUri(String uri, String baseDn) { +// Hashtable res = new Hashtable(); +// res.put(DirectoryConf.uri.name(), uri); +// res.put(DirectoryConf.baseDn.name(), baseDn); +// return res; +// } public void init() { @@ -227,6 +224,15 @@ public class LdifDao extends AbstractLdapDirectoryDao { throw new NameNotFoundException(key + " not persisted"); } + @Override + public Attributes doGetAttributes(LdapName name) { + try { + return doGetEntry(name).getAttributes(); + } catch (NameNotFoundException e) { + throw new IllegalStateException(name + " doe not exist in " + getDirectory().getBaseDn(), e); + } + } + @Override public Boolean entryExists(LdapName dn) { return entries.containsKey(dn);// || groups.containsKey(dn);